package com.yxm.springbootsecurity.xss.filter;

import com.yxm.springbootsecurity.xss.servlet.XssHttpServletRequestWrapper;
import lombok.extern.slf4j.Slf4j;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;

/**
 * @author CAESAR
 * @Classname XssFilter
 * @Description 实现xssfilter
 * @Date 2019-09-20 20:35
 */
@WebFilter(filterName = "xssFilter", urlPatterns = "/*") //拦截所有请求
@Slf4j
public class XssFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        // 程序防止xss攻击原理

        // 1.使用过滤器拦截所有请求
        //HttpServletRequest servletRequest = (HttpServletRequest) request;
        //  2.getParamater方法
        //XssHttpServletRequestWrapper requestWrapper = new XssHttpServletRequestWrapper(servletRequest);

        // 3.放行
        chain.doFilter(request,response);
    }

    @Override
    public void destroy() {

    }
}
